Maximo

Maximo

Come for answers, stay for best practices. All we're missing is you.

 View Only

  • 1.  Maximo Mobile and SAML SSO and ADFS

    Posted Fri October 18, 2024 04:30 PM

    Has anyone successfully been able to get SAML SSO working with Maximo Mobile when ADFS is used as the identity provider?  I've looked into this on and off over the years and it was last left with support with an enhancement request, but figured I'd check to see if anyone has found any workaround.  

    From what I've gathered, the inappbrowser invoked by Mobile when getting the SAML token isn't compatible with Kerberos, which ADFS is still using prior to sending back the SAML response.  It seems odd that my organization would be an outlier with that config, but maybe.  

    Our SAML implementation works fine with the normal apps - it just comes to a stop in Mobile as soon as authentication is passed off to ADFS and the windows integrated authentication endpoint.   My current workaround to use mobile is to setup a separate JVM that uses maximo authentication and have users go the normal username/password route.



    ------------------------------
    Brandon Fisher
    ------------------------------


  • 2.  RE: Maximo Mobile and SAML SSO and ADFS

    Posted Wed October 23, 2024 04:06 PM

    Hello Brandon,

    Can you please share you environment detail ? Are you doing separate authentication methods for mobile and desktop setting up separate JVM ?

    We are in initial phase of implementing mobile. Your input helps !

     



    ------------------------------
    Jignesh Shah
    ------------------------------

    Original Message


  • 3.  RE: Maximo Mobile and SAML SSO and ADFS

    Posted Wed October 23, 2024 04:16 PM

    Yeah, I am currently running separate JVMs - one uses Maximo authentication and Maximo Mobile points to it since I can't get our SSO implementation to work with it.  The other uses SAML SSO.

    I just have to change the maximouiweb web.xml to not use appserversecurity/form based login and then add these properties to a properties override file used by the JVM that uses Maximo authentication:

    mxe.useAppServerSecurity=0
    mxe.useSAML=0


    Original Message